Alireza Gharib Blog

CVE ID : CVE-2024-57823 Published : Jan. 10, 2025, 1:15 p.m. | 37 minutes ago Description : In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path(). Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline,…

CVE ID : CVE-2024-57822 Published : Jan. 10, 2025, 1:15 p.m. | 37 minutes ago Description : In Raptor RDF Syntax Library through 2.0.16, there is a heap-based buffer over-read when parsing triples with the nquads parser in raptor_ntriples_parse_term_internal(). Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline,…

CVE ID : CVE-2025-23016 Published : Jan. 10, 2025, 12:15 p.m. | 1 hour, 37 minutes ago Description : FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c. Severity: 9.3 | CRITICAL…

CVE ID : CVE-2025-21380 Published : Jan. 9, 2025, 11:15 p.m. | 14 hours, 37 minutes ago Description : Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more… Go to…

CVE ID : CVE-2025-21385 Published : Jan. 9, 2025, 10:15 p.m. | 15 hours, 37 minutes ago Description : A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more……

CVE ID : CVE-2024-10215 Published : Jan. 9, 2025, 8:15 p.m. | 17 hours, 37 minutes ago Description : The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system…

CVE ID : CVE-2025-21628 Published : Jan. 9, 2025, 6:15 p.m. | 19 hours, 37 minutes ago Description : Chatwoot is a customer engagement suite. Prior to 3.16.0, conversation and contact filters endpoints did not sanitize the input of query_operator passed from the frontend or the API. This provided any actor who is authenticated, an attack vector…

CVE ID : CVE-2025-22542 Published : Jan. 9, 2025, 4:16 p.m. | 21 hours, 36 minutes ago Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ofek Nakar Virtual Bot allows Blind SQL Injection.This issue affects Virtual Bot: from n/a through 1.0.0. Severity: 9.3 | CRITICAL Visit the link for…

CVE ID : CVE-2025-22540 Published : Jan. 9, 2025, 4:16 p.m. | 21 hours, 36 minutes ago Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Sebastian Orellana Emailing Subscription allows Blind SQL Injection.This issue affects Emailing Subscription: from n/a through 1.4.1. Severity: 9.3 | CRITICAL Visit the link for…

CVE ID : CVE-2025-22537 Published : Jan. 9, 2025, 4:16 p.m. | 21 hours, 36 minutes ago Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in traveller11 Google Maps Travel Route allows SQL Injection.This issue affects Google Maps Travel Route: from n/a through 1.3.1. Severity: 8.5 | HIGH Visit the…